Advanced Options for Active Directory Integration in Lion Server

By John Rizzo

Some Mac OS X Lion Server administrators need settings that appear only in the advanced options of Directory Utility, which specify particular ways that Mac OS X Server interacts with Active Directory. The default settings are fine in many cases, but in others, particularly when the AD schema is for a large company, you may need to make specific changes to these settings.

All the advanced options specify how the plug-in accepts information from Active Directory for the server itself. These settings are not carried over to the clients and groups that the Mac OS X Server administers on the Active Directory domain.

To access the advanced options for configuring the Active Directory plug-in, follow these steps:

  1. Access the Directory Utility application.

  2. Click the triangle next to Show Advanced Options at the bottom of the directory to expand the advanced options.


Three tabs are available in the advanced options:

  • User Experience: This tab lets you change some default settings for users, including changing the location of the home directory to point to an external file server rather than the hard drive on the local Mac OS X Server.

  • Mappings: This tab allows the administrator to redirect default user and group ID settings to customized extensions in the Active Directory schema. These mappings may or may not come into play, depending upon the configuration of the Active Directory schema. Contact your Active Directory administrator for details.

  • Administrative: This tab enables the administrator to direct contact between the Mac OS X Server and Active Directory domain to a specific domain server. You can also allow domain administrators or other groups to administer the server without needing to log in with the server’s login credentials, and you can allow the server to look up user and password information for domains administered by Active Directory that reside outside the local domain.
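
The Administrative tab settings decide who can administer the server and which domains it trusts for logins, so they are worth reviewing after any change. The script below is an added example, not part of the original article: it reads settings in the `label = value` layout printed by `dsconfigad -show` and reports the three Administrative options described above. The label text it matches and the sample values are assumptions constructed for illustration.

```sh
#!/bin/sh
# Assumption: input uses the "label = value" layout of `dsconfigad -show`;
# the three labels matched below are modelled on that output.

# Constructed sample, not captured from a real server.
sample_config() {
cat <<'EOF'
Active Directory Domain          = corp.example.com
Advanced Options - Administrative
  Preferred Domain controller    = not set
  Allowed admin groups           = CORP\domain admins,CORP\mac admins
  Authentication from any domain = Enabled
EOF
}

# get_setting LABEL: print LABEL's value from the text on stdin (empty if absent).
get_setting() {
  awk -v want="$1" '
    index($0, " = ") {
      key = substr($0, 1, index($0, " = ") - 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (key == want) { print substr($0, index($0, " = ") + 3); exit }
    }'
}

# audit_admin_tab: read settings on stdin, print one finding per line.
# Exit status is 1 when at least one setting needs review, else 0.
audit_admin_tab() {
  cfg=$(cat); review=0
  admins=$(printf '%s\n' "$cfg" | get_setting "Allowed admin groups")
  anydom=$(printf '%s\n' "$cfg" | get_setting "Authentication from any domain")
  dc=$(printf '%s\n' "$cfg" | get_setting "Preferred Domain controller")
  case "$admins" in
    "not set") printf '%s\n' "OK      no AD group is allowed to administer this server" ;;
    "") review=1; printf '%s\n' "UNKNOWN allowed admin groups setting not found" ;;
    *) review=1; printf 'REVIEW  AD groups allowed to administer this server: %s\n' "$admins" ;;
  esac
  case "$anydom" in
    Enabled) review=1; printf '%s\n' "REVIEW  accounts from domains outside the local domain can authenticate" ;;
    Disabled) printf '%s\n' "OK      authentication is limited to the local domain" ;;
    *) review=1; printf '%s\n' "UNKNOWN authentication-from-any-domain setting not found" ;;
  esac
  case "$dc" in
    ""|"not set") printf '%s\n' "INFO    no specific domain server is set" ;;
    *) printf 'INFO    contact with the domain is directed to: %s\n' "$dc" ;;
  esac
  return "$review"
}

sample_config | audit_admin_tab || true
```

On a server that is bound to Active Directory, feed it the live settings with `dsconfigad -show | audit_admin_tab`.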